This event is generated when an attacker attempts to exploit a denial of service vulnerability in ISC Bind's libdns library.
Detection of a Denial of Service Attack
This rule checks for an attempt to exploit a denial of service vulnerability in the ISC Bind libdns library's handling of EDNS options.
Ease of Attack:
What To Look For
No public information
No known false positives
MITRE ATT&CK Framework
For reference, see the MITRE ATT&CK vulnerability types here:
CVE Additional Information
CVE-2014-3859libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS options, which allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted packet, as demonstrated by an attack against named, dig, or delv.
||Ease of Access||